Adding Authentication Policies

Authors
  • Michael Bui

Overview

MFA can be applied to some users or to every user. Using Authentication Policies in Okta is similar to having Conditional Access policies in Azure.

Instructions

  1. Go to Security -> Authentication Policies -> Add a Policy
  2. Provide a name and description
  3. The default catch-all policy is 2FA, but we're going to create a new rule
  4. Click on Add Rule
  5. Provide a name and target Sam Morse for the "User is" property
  6. Configure the rule to grant Sam access if they authenticate with a password + another factor. In our case, Google Authenticator is set up in our environment
  7. Add an app for this rule to take effect on: Google Workspace

Verifying

  • Log in as Sam Morse
  • In My Apps, I click to launch Gmail
  • I'm prompted to set up Google Authenticator because it hasn't been set up yet
  • I'm also prompted to re-enter my Okta password
  • Close the session and reopen it, and you'll SSO normally because reauthentication was set to 2 hours during setup
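
The behavior seen during verification (a first launch prompts for both factors, a relaunch inside the 2-hour window goes straight through) can be reproduced with a small model of rule evaluation. This is an added example, not code from the original post and not Okta's implementation. It assumes the rule field layout of the Okta Policies API as I understand it, models only the user condition, and uses constructed rule names, a placeholder user id and a constructed catch-all window.

```python
import re
from datetime import timedelta

# Constructed rules in the shape of Okta Policies API ACCESS_POLICY rules
# (assumed field layout). User id, rule names and the catch-all's PT12H are
# placeholders, not values from the page.
RULES = [
    {"name": "Sam Morse MFA", "priority": 0,
     "conditions": {"people": {"users": {"include": ["00u_SAM_PLACEHOLDER"]}}},
     "actions": {"appSignOn": {"access": "ALLOW", "verificationMethod": {
         "type": "ASSURANCE", "factorMode": "2FA", "reauthenticateIn": "PT2H"}}}},
    {"name": "Catch-all Rule", "priority": 99, "conditions": None,
     "actions": {"appSignOn": {"access": "ALLOW", "verificationMethod": {
         "type": "ASSURANCE", "factorMode": "2FA", "reauthenticateIn": "PT12H"}}}},
]


def parse_duration(value):
    """Parse the PT#H#M#S subset of ISO 8601 used for reauthenticateIn."""
    m = re.fullmatch(r"PT(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?", value)
    if not m or not any(m.groups()):
        raise ValueError(f"unsupported duration: {value!r}")
    hours, minutes, seconds = (int(g or 0) for g in m.groups())
    return timedelta(hours=hours, minutes=minutes, seconds=seconds)


def matching_rule(rules, user_id):
    """Return the first rule, in priority order, whose user condition matches."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        people = (rule.get("conditions") or {}).get("people")
        if people is None or user_id in people.get("users", {}).get("include", []):
            return rule
    return None


def evaluate(rules, user_id, since_last_auth):
    """Return (rule name, outcome) for an app launch; None means no prior auth."""
    rule = matching_rule(rules, user_id)
    if rule is None or rule["actions"]["appSignOn"]["access"] != "ALLOW":
        return (rule["name"] if rule else None, "DENY")
    method = rule["actions"]["appSignOn"]["verificationMethod"]
    window = parse_duration(method["reauthenticateIn"])
    if since_last_auth is None or since_last_auth >= window:
        return (rule["name"], "PROMPT_" + method["factorMode"])
    return (rule["name"], "SSO")


if __name__ == "__main__":
    for gap in (None, timedelta(minutes=30), timedelta(hours=2)):
        print(gap, evaluate(RULES, "00u_SAM_PLACEHOLDER", gap))
```

Because the first matching rule wins, a user-specific rule only takes effect when it sits above the catch-all in priority order.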